CAPEC-150: Collect Data from Common Resource Locations
ID
CAPEC-150
Typical Severity
Medium
Status
Draft
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-552 | Files or Directories Accessible to External Parties | weakness |
| CWE-1239 | Improper Zeroization of Hardware Register | weakness |
| CWE-1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information | weakness |
| CWE-1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device | weakness |
| CWE-1272 | Sensitive Information Uncleared Before Debug/Power State Transition | weakness |
| CWE-1323 | Improper Management of Sensitive Trace Data | weakness |
| CWE-1330 | Remanent Data Readable after Memory Erase | weakness |
Taxonomiy Mapping
| Type | # ID | Name |
|---|---|---|
| ATTACK | 1003 | OS Credential Dumping |
| ATTACK | 1119 | Automated Collection |
| ATTACK | 1213 | Data from Information Repositories |
| ATTACK | 1530 | Data from Cloud Storage Object |
| ATTACK | 1555 | Credentials from Password Stores |
| ATTACK | 1602 | Data from Configuration Repository |